8. Using the TLS/SSL Encryption

The TLS (Transport Layer Security) protocol provides
communications privacy over the Internet. It is described in
RFC 2246. The protocol allows client/server
applications to communicate in a way that prevents
eavesdropping, tampering, or message forgery. The primary goal of the
protocol is to provide privacy and data integrity between two
communicating applications. The TLS protocol itself is based on the
SSL 3.0 (Secure Socket Layer) protocol specification.

GNU Anubis supports TLS/SSL (via GnuTLS, a Transport
Layer Security library available from http://www.gnutls.org/),
but your MTA must provide the `STARTTLS' command
first. This can be checked as follows:

$ telnet your-smtp-host 25
ehlo your-domain-name
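
The same check can be scripted. The following is an added example, not part of the GNU Anubis distribution: it parses the multi-line 250 reply to `ehlo' and reports whether STARTTLS is advertised. The function names and the sample reply are constructed for illustration; check_host uses Python's standard smtplib module.

```python
import smtplib

# Constructed sample of what an MTA might send back after "ehlo" (not captured
# from a real server). Continuation lines use "250-", the last line "250 ".
SAMPLE_REPLY = (
    "250-mail.example.org Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-starttls\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(reply):
    """Return {KEYWORD: parameters} for a complete, successful EHLO reply.

    Raises ValueError if the reply is not a well-formed 250 response or is
    truncated (no final "250 " line), so a partial read is never trusted.
    """
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("unexpected reply line: %r" % line)
        last = sep != "-"
        if last != (i == len(lines) - 1):
            raise ValueError("reply is truncated or has trailing data")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params  # keywords are case-insensitive
    return extensions


def offers_starttls(reply):
    return "STARTTLS" in parse_ehlo(reply)


def check_host(host, port=25, timeout=10):
    """Live version of the telnet check, using the standard smtplib module."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo()
        return code == 250 and smtp.has_extn("starttls")
```

The reply to `ehlo' travels in cleartext, so a missing STARTTLS keyword from a server known to support it is worth investigating rather than accepting.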

The server will respond with all its available commands.
If you see the word `STARTTLS', then you can use
TLS/SSL encryption. If your MUA doesn't support
TLS/SSL encryption, but your MTA does, then
you should use the `oneway-ssl' keyword in your configuration
file.

Before using TLS/SSL encryption, generate
a proper private key and a certificate. GNU Anubis provides
a script, `keygen.sh', which can be used for this, e.g.:

$ cd anubis-directory
$ ./build/keygen.sh

This will create the `anubis.pem' file.
Copy it to the directory of your choice, e.g. `/usr/share/ssl/certs/'.
Next, edit your configuration file by adding: